Author: stef-guest Date: 2006-04-14 09:18:32 +0000 (Fri, 14 Apr 2006) New Revision: 3801 Modified: data/CVE/list Log: new phpmyadmin XSS cherokee already fixed some NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-04-14 09:14:27 UTC (rev 3800) +++ data/CVE/list 2006-04-14 09:18:32 UTC (rev 3801) 
@@ -218,70 +218,68 @@ - gallery 1.5.3-1 (bug #361758) CVE-2006-1695 (The fbgs script in the fbi package 2.01-1.4, when the TMPDIR ...) - fbi <unfixed> (bug #361370) -begin claimed by stef-guest CVE-2006-1694 (SQL injection vulnerability in members.php in XBrite Members 1.1 and ...) - TODO: check + NOT-FOR-US: XBrite Members CVE-2006-1693 (Unspecified vulnerability in GlobalSCAPE Secure FTP Server before ...) - TODO: check + NOT-FOR-US: GlobalSCAPE Secure FTP Server CVE-2006-1692 (Multiple SQL injection vulnerabilities in MWNewsletter 1.0.0b allow ...) - TODO: check + NOT-FOR-US: MWNewsletter CVE-2006-1691 (SQL injection vulnerability in MWNewsletter 1.0.0b allows remote ...) - TODO: check + NOT-FOR-US: MWNewsletter CVE-2006-1690 (Cross-site scripting (XSS) vulnerability in subscribe.php in ...) - TODO: check + NOT-FOR-US: MWNewsletter CVE-2006-1689 (Unspecified vulnerability in su in HP HP-UX B.11.11, when using the ...) - TODO: check + NOT-FOR-US: HP-UX CVE-2006-1688 (Multiple PHP remote file inclusion vulnerabilities in SQuery 4.5 and ...) - TODO: check + NOT-FOR-US: SQuery / Autonomous LAN party CVE-2006-1687 (Cross-site scripting (XSS) vulnerability in APT-webshop-system 4.0 ...) - TODO: check + NOT-FOR-US: APT-webshop-system CVE-2006-1686 (Unspecified vulnerability in modules.php in APT-webshop-system 4.0 ...) - TODO: check + NOT-FOR-US: APT-webshop-system CVE-2006-1685 (Multiple SQL injection vulnerabilities in modules.php in ...) - TODO: check + NOT-FOR-US: APT-webshop-system CVE-2006-1684 (Unspecified vulnerability in ecotwo Shopsystem 1.0-192 and earlier ...) - TODO: check + NOT-FOR-US: ecotwo Shopsystem CVE-2006-1683 (SQL injection vulnerability in admin/login.php in Chipmunk Guestbook ...) - TODO: check + NOT-FOR-US: Chipmunk Guestbook CVE-2006-1682 (Cross-site scripting (XSS) vulnerability in webplus.exe in TalentSoft ...) 
- TODO: check + NOT-FOR-US: TalentSoft Web+Shop CVE-2006-1681 (Cross-site scripting (XSS) vulnerability in Cherokee HTTPD 0.5 and ...) - TODO: check + - cherokee 0.5.1-1 CVE-2006-1680 (Jupiter CMS 1.1.5, when display_errors is enabled, allows remote ...) NOT-FOR-US: Jupiter CMS CVE-2006-1679 (Cross-site scripting (XSS) vulnerability in modules/online.php Jupiter ...) NOT-FOR-US: Jupiter CMS CVE-2006-1678 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...) - TODO: check + - phpmyadmin (bug #362567) CVE-2006-1677 (MAXdev MD-Pro 1.0.73 and 1.0.72 allows remote attackers to obtain the ...) - TODO: check + NOT-FOR-US: MAXdev MD-Pro CVE-2006-1676 (SQL injection vulnerability in the display function in the Topics ...) - TODO: check + NOT-FOR-US: MAXdev MD-Pro CVE-2006-XXXX [Cyrus SASL DIGEST-MD5 Pre-Authentication Denial of Service] - cyrus-sasl2 <unfixed> (bug #361937) CVE-2006-1675 (Multiple cross-site scripting (XSS) vulnerabilities in PHPWebGallery ...) - TODO: check + NOT-FOR-US: PHPWebGallery CVE-2006-1674 (Cross-site scripting (XSS) vulnerability in search.php in ...) - TODO: check + NOT-FOR-US: PHPWebGallery CVE-2006-1673 (Cross-site scripting (XSS) vulnerability in vbugs.php in Dark_Wizard ...) - TODO: check + NOT-FOR-US: Dark_Wizard vBug Tracker CVE-2006-1672 (The installation of Cisco Transport Controller (CTC) for Cisco Optical ...) - TODO: check + NOT-FOR-US: Cisco Optical Networking CVE-2006-1671 (Control cards for Cisco Optical Networking System (ONS) 15000 series ...) - TODO: check + NOT-FOR-US: Cisco Optical Networking CVE-2006-1670 (Control cards for Cisco Optical Networking System (ONS) 15000 series ...) - TODO: check + NOT-FOR-US: Cisco Optical Networking CVE-2006-1669 (SQL injection vulnerability in chat/messagesL.php3 in phpHeaven Team ...) - TODO: check + NOT-FOR-US: PHPMyChat CVE-2006-1668 (newimage.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka ...) 
- TODO: check + NOT-FOR-US: Crafty Syntax Image Gallery CVE-2006-1667 (SQL injection vulnerability in slides.php in Eric Gerdes Crafty Syntax ...) - TODO: check -end claimed by stef-guest + NOT-FOR-US: Crafty Syntax Image Gallery CVE-2006-1666 (SQL injection vulnerability in forum.php in Arab Portal 2.0.1 stable ...) - TODO: check + NOT-FOR-US: Arab Portal CVE-2006-1665 (Multiple cross-site scripting (XSS) vulnerabilities in Arab Portal ...) - TODO: check + NOT-FOR-US: Arab Portal CVE-2006-1664 (Buffer overflow in xine_list_delete_current in libxine 1.14 and ...) TODO: check CVE-2006-1663
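Review bot: the new CVE-2006-1678 entry, "- phpmyadmin (bug #362567)", carries neither a fixed version nor an `<unfixed>` marker, so its status is ambiguous. The other open entries visible in this hunk spell it out ("- fbi <unfixed> (bug #361370)", "- cyrus-sasl2 <unfixed> (bug #361937)"), and the fixed cherokee entry names its version ("- cherokee 0.5.1-1"). Suggest "- phpmyadmin <unfixed> (bug #362567)" until a fixed version is known. Smaller point on CVE-2006-1669: the truncated description only shows "phpHeaven Team ...", so the "NOT-FOR-US: PHPMyChat" product name cannot be confirmed from the visible text and is worth checking against the full description.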